Buffer overflow issue.

So I was told if you use
Code:
char whatever[BUFSIZE +1]
you could prevent buffer overflow. However on compiling a ...

Originally posted by Prelude
>>you could prevent buffer overflow.
No, you're confusing the operations of the input buffer with buffer overrun, where data is written beyond the boundaries of memory that you own.

Could you explain a bit more please. Buffer overrun is when data is written beyond what? Your memory/storage capacity? So buffer overflow is what? Beyond your input buffer? Ex.

Code:

char buffer[40];

Anything beyond that is overflow? Is that correct? Would you even be able to input data beyond what is specified in the array?

>Could you explain a bit more please.
The input buffer is a mechanism for efficiency. If the buffer is 512 bytes, then to avoid expensive I/O operations any new data will be passed to the buffer, not written to the final destination. When the buffer is full, it writes its contents to the final destination. The important thing to notice is that if there is more data, this process continues whether your program can handle it or not. If the input buffer holds 40 characters but the user enters 50, your program still gets 50.

Buffer overflow is a bug in your code where your program receives more data than it can handle and begins trashing memory that it doesn't own. If you have an array that can only hold 40 characters, yet the user enters 50 and you aren't prepared for 50, that is buffer overflow. Buffer overflow and buffer overrun are synonyms. The distinction you need to make is between the system's input buffer and your program's input buffer.
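An added example, not part of the original thread, showing the 40-versus-50 case from the answer above: the stream hands over all 50 characters, so the program has to bound what it stores and decide what to do with the excess. The names `read_line_bounded` and `stream_from` are hypothetical, and the input is constructed sample data.

```c
#include <stdio.h>
#include <string.h>

#define BUFSIZE 40 /* capacity of the program's own array, as in the thread */

/* Read one line into dst (cap bytes including the '\0'). Returns 0 if the
 * whole line fit, 1 if it was cut short (excess discarded), -1 at EOF. */
int read_line_bounded(FILE *in, char *dst, size_t cap)
{
    size_t len;
    int c, extra = 0;
    if (cap == 0 || fgets(dst, (int)cap, in) == NULL)
        return -1;
    len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0'; /* complete line: drop the newline */
        return 0;
    }
    /* No newline stored: the stream still holds the rest of the line.
     * Drain it so it is not mistaken for the next line of input. */
    while ((c = getc(in)) != '\n' && c != EOF)
        extra = 1;
    return extra;
}

/* Hypothetical helper: put constructed sample text behind a FILE*. */
FILE *stream_from(const char *text)
{
    FILE *f = tmpfile();
    if (f != NULL) {
        fputs(text, f);
        rewind(f);
    }
    return f;
}

int main(void)
{
    char buf[BUFSIZE + 1];
    int status;
    /* Constructed input: a 50-character line, then a short one. */
    FILE *in = stream_from("0123456789012345678901234567890123456789"
                           "0123456789\nok\n");
    if (in == NULL) return 1;
    while ((status = read_line_bounded(in, buf, sizeof buf)) >= 0)
        printf("%s: \"%s\"\n", status ? "truncated" : "complete", buf);
    fclose(in);
    return 0;
}
```

Declaring the array as `BUFSIZE + 1` only reserves room for the terminator; the protection comes from passing the array's real size to `fgets` on every read.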